I'm going to make a hunnypot kind of program which will fake services like telnet and log everything that happens; it's going to be coded in VB. I was wondering if anyone has any ideas of what kind of things I could add to it?
You spell like Pooh.
I couldn't help it, sorry.
lol...bet ya could have :P
A good fly trap would have a simulated network with layers, i.e. servers, routers, printers, workstations. I'm not sure if you know of this site, but it might be interesting to you: http://project.honeynet.org/
Here is some info (cut-n-paste)
Ready-Mades
There are quite a number of ready-made honeypots, free and commercial. A couple of freebies that I like, not only for their functionality, but because the source code is available to audit and modify:
The Deception Toolkit is completely fake, it depends on Perl scripts to create a simulated environment. It includes a lot of fancy sidestepping and double-talk, such as fake coredumps, fake ports, and fake error messages. It is designed to lure an intruder down the garden path and keep them going until they've created an extensive trace. It gives quite a bit of flexibility in creating realistic scenarios to fool intruders, depending how advanced your scripting skills are. The author states that it is not good enough to fool a truly skilled cracker, but will create enough confusion to foil most of them.
LaBrea creates a tarpit or, as some have called it, a "sticky honeypot". (I think of it as a roach motel for crackers.) It takes unused IP addresses on a network and creates virtual machines that answer connection attempts. Intruders get hung up, sometimes for a long time. It uses what it calls "persist mode trapping" to maintain a connection for the longest possible time, tying up the intruder's time and bandwidth. What is really cool is it also throttles your bandwidth- what a perfect world, wasting an attacker's time and bandwidth while preserving your own.
Risks
A poorly-contained honeypot puts the rest of your network at risk. There is also the temptation to retaliate. Be careful, stay within legal means. Returning tit for tat only gets you in trouble. Remember, the goal is to increase your own security, not go to war with the script kiddies.
hope this helps you and good luck with your project!!
I'm going to make a Cray out of curtains
Tedob1> Mine is out of a cardboard box.... It looks more like an Irix though. Just ask hogfly about it sometime (he is normally on irc.antionline.com )
anyway
trials> The more you can add to it the better. You obviously don't want to go overboard and have 200 open ports, because that would look suspicious, but 7 to 10 ports on any given server isn't very rare. As seeker said, if you can make it look like an entire network, that is even better. All I have to say is good luck doing it all in VB though...
Yeah, VB might not be the best choice for this... maybe you should try C... when I see a VB-like prog I get a bit suspicious, considering lots of viruses are made in VB due to its ease of use :/
Why don't you take a look at Port Sentry? They've been doing this type of thing for quite a while. You might get some ideas there.
www.psionic.com
Thanks for all your help everyone and sorry about the spelling. I would code it in C but I haven't got the hang of it yet.
I'd say write it in C because most people who'd be using TELNET for anything interesting will probably be running an operating system (e.g. Linux, BSD, etc.) which doesn't accept VB.
I'm confused at your answer jethro. The client's computer shouldn't even be able to tell that the service running on the other end is a VB service. For example, if he were emulating POP3, the service would just connect itself to a port, listen for connections and act like a pop server would act. Obviously, the service wouldn't be a fully functional POP3 server, but it would emulate just enough to keep the skiddie from being suspicious while recording all of his/her actions. So VB can do the job, it's just not going to be as easy to implement as it would be in C. On the up side, maybe a VB program would be a little better protected from coding errors that lead to buffer overflows, just because the script kiddies will be expecting a service written in C. Who knows... it's a good concept, but will require lots of coding to make it work well. Good luck trials, and let us know if you have any success stories.
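The kind of emulated service described in the post above, as an added example that is not part of the original thread: a fake POP3 listener in Python (the thread's own project is in VB) that answers a few commands, never authenticates anyone, and logs each client line with its source IP. The port, banner and reply strings are assumptions.

```python
import json, socketserver, time

MAX_LINE = 512  # cap on bytes kept per client line
BANNER = b"+OK POP3 server ready\r\n"  # constructed banner (assumption)

def clean(raw: bytes) -> str:
    """Truncate, then escape control/non-ASCII bytes so log lines cannot be forged."""
    return raw[:MAX_LINE].decode("latin-1").encode("unicode_escape").decode("ascii")

class FakePop3Session:
    """Emulates just enough POP3 to keep a client talking; nothing is executed."""
    def __init__(self, peer_ip, log):
        self.peer_ip, self.log, self.user = peer_ip, log, None

    def handle(self, raw: bytes):
        """Record one client line and return (reply, keep_connection_open)."""
        line = clean(raw.rstrip(b"\r\n"))
        self.log(json.dumps({"ts": time.time(), "ip": self.peer_ip, "line": line}))
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            return b"+OK\r\n", True
        if verb == "PASS":  # always rejected: there is no mailbox behind this
            return b"-ERR invalid password\r\n", True
        if verb == "QUIT":
            return b"+OK bye\r\n", False
        return b"-ERR unknown command\r\n", True

class Handler(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle client is dropped
    def handle(self):
        session = FakePop3Session(self.client_address[0], print)
        try:
            self.wfile.write(BANNER)
            keep = True
            while keep:
                raw = self.rfile.readline(MAX_LINE + 1)  # bounded read
                if not raw:
                    break
                reply, keep = session.handle(raw)
                self.wfile.write(reply)
        except OSError:
            pass  # timeout or reset: drop the connection quietly

if __name__ == "__main__":
    # Port 1110 is an assumption (unprivileged, so no root is needed).
    with socketserver.ThreadingTCPServer(("0.0.0.0", 1110), Handler) as srv:
        srv.serve_forever()
```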
It's going OK so far but I haven't really got round to doing that much to it. People can log in to it as guests, it's got a fake c:\ drive and it logs all the IPs that connect and all the commands that are sent. At the moment I'm just working on all the different commands that can be sent, like cd and things like that. It would be better using C because it is a pain to reboot into Win. Thanks for all your help, I'll keep you updated on it.
Sounds like a cool project. Good Luck :)
C Code would be a nice "addition," but people have probably already beat that over your head by now.
Quote:
Originally posted here by trials
I'm going to make a hunnypot kind of program which will fake services like telnet and log everything that happens; it's going to be coded in VB. I was wondering if anyone has any ideas of what kind of things I could add to it?
Sure, it's all great until an attacker finds an exploit in your code and hacks in. There is a considerable risk of compromising your host machine when doing something like this.
Another thing to consider would be to install Linux, NT or whatever in VMware to simulate a honeypot. You could then put IDS on the host machine and log all of the activity.
--Sudo